NIST announced it will restrict CVE enrichment efforts to three categories: actively exploited vulnerabilities in CISA's KEV database, vulnerabilities in federal agency software, and designated critical software including operating systems, browsers, security software, and VPNs. The shift reflects resource constraints after two years of struggling to keep pace with the explosion in vulnerability discoveries. Most CVE entries will no longer receive detailed enrichment data.
Policy
NIST gives up enriching most CVEs
NIST abandons CVE enrichment for most vulnerabilities due to resource constraints, focusing only on actively exploited flaws and critical software like OSes and browsers—leaving the bulk of the vulnerability landscape sparsely documented.
Friday, April 17, 2026 12:00 PM UTC2 MIN READSOURCE: Hacker NewsBY sys://pipeline
Tags
policy
/// RELATED
StrategyApr 21
Apple has an opportunity to rediscover humanity in its push toward AI
A leadership transition presents Apple with an opportunity to align its privacy-focused brand messaging with its profit-driven App Store gatekeeping practices and compliance with authoritarian governments.
ProductsApr 27
Open source Xiaomi MiMo-V2.5 and V2.5-Pro are among the most efficient (and affordable) at agentic 'claw' tasks
Xiaomi enters competitive open-source AI with MiMo-V2.5/Pro models positioned as the most efficient and affordable options for autonomous robotic agent control.